[ 
https://issues.apache.org/jira/browse/KNOX-2775?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sandor Molnar reassigned KNOX-2775:
-----------------------------------

    Assignee: Balazs Marton

> Using managed token without setting knox.token.exp.server-managed to true in 
> the topology
> ----------------------------------------------------------------------------------------
>
>                 Key: KNOX-2775
>                 URL: https://issues.apache.org/jira/browse/KNOX-2775
>             Project: Apache Knox
>          Issue Type: Bug
>            Reporter: Balazs Marton
>            Assignee: Balazs Marton
>            Priority: Major
>
> Recreating the bug:
> Configure a topology with jwt federation provider where 
> "knox.token.exp.server-managed" is NOT set to "true". 
> Create a token using the token management site and set it to disabled.
> The expected response after using the disabled token would be 401, but 
> instead it successfully authenticates.
> We should consider denying managed tokens on a topology where 
> "knox.token.exp.server-managed" is not set to "true" and inform the user with 
> an error message.
> {code:java}
> "providers": [
>     {
>       "role": "federation",
>       "name": "JWTProvider",
>       "enabled": "true",
>       "params": {}
>     }
>   ]
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
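
Added example, not part of the original issue or of Knox's own code: a small audit that flags enabled JWTProvider federation entries whose params do not set "knox.token.exp.server-managed" to "true", which is the configuration the report says lets a disabled managed token authenticate. It assumes the provider configuration is a complete JSON document in the layout quoted in the issue and inspects only the provider params; the function name and the sample data are constructed for illustration.

```python
import json

# Parameter name as written in the issue text.
MANAGED_FLAG = "knox.token.exp.server-managed"

# Constructed sample: several provider entries in the JSON layout from the issue.
SAMPLE = """
{
  "providers": [
    {"role": "federation", "name": "JWTProvider", "enabled": "true", "params": {}},
    {"role": "federation", "name": "JWTProvider", "enabled": "true",
     "params": {"knox.token.exp.server-managed": "true"}},
    {"role": "federation", "name": "JWTProvider", "enabled": "true",
     "params": {"knox.token.exp.server-managed": "false"}},
    {"role": "federation", "name": "JWTProvider", "enabled": "false", "params": {}},
    {"role": "authorization", "name": "AclsAuthz", "enabled": "true", "params": {}}
  ]
}
"""


def unmanaged_jwt_providers(config_text):
    """Return indexes of enabled JWTProvider entries lacking server-managed=true."""
    doc = json.loads(config_text)
    findings = []
    for idx, provider in enumerate(doc.get("providers", [])):
        if provider.get("role") != "federation":
            continue
        if provider.get("name") != "JWTProvider":
            continue
        # A disabled provider does not authenticate anything, so skip it.
        if str(provider.get("enabled", "")).strip().lower() != "true":
            continue
        params = provider.get("params") or {}
        value = str(params.get(MANAGED_FLAG, "")).strip().lower()
        if value != "true":
            findings.append(idx)
    return findings


if __name__ == "__main__":
    for idx in unmanaged_jwt_providers(SAMPLE):
        print(f"providers[{idx}]: JWTProvider without {MANAGED_FLAG}=true")
```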
